Method for Protecting a Firewall Load Balancer from a Denial of Service Attack

1. An apparatus, comprising: an outbound firewall load balancer that is operable to receive a packet and to determine whether the packet is associated with an open connection such that resources are being consumed as reflected by an entry in an outbound connection database, wherein if the entry is not present in the outbound connection database then a new entry is not recorded for the outbound firewall load balancer, and wherein the packet is forwarded to a selected one of a plurality of firewalls coupled to the outbound firewall load balancer in the case where the entry is present in the outbound connection database, the packet being received by the selected firewall and then communicated to an inbound firewall load balancer, the inbound firewall load balancer being further operable to generate a new entry for the packet once it has received it from the selected firewall, the new entry being provided in an inbound connection database such that resources for the inbound firewall load balancer are then being consumed for an open flow associated with the packet.

2. The apparatus of claim 1 , wherein the selected firewall is operable to determine if the packet is associated with malicious traffic and to discard the packet such that it is not communicated to the inbound firewall load balancer in a case where the packet is associated with malicious traffic.

3. The apparatus of claim 1 , wherein the outbound firewall load balancer is coupled to one or more servers that are operable to deliver content to the outbound firewall load balancer.

4. The apparatus of claim 1 , wherein the inbound firewall load balancer is operable to deliver the packet to a computer that is operable to respond to the packet and that is associated with the open connection.

5. The apparatus of claim 1 , wherein if the packet is not associated with an open connection, the outbound firewall load balancer is operable to select one of the firewalls to direct the packet to based on a hash algorithm.

6. The apparatus of claim 1 , wherein the inbound firewall load balancer is operable to receive an additional packet from one or more computers that are coupled to the inbound firewall load balancer, the inbound firewall load balancer being coupled to an inbound connection database.

7. The apparatus of claim 6 , wherein the inbound firewall load balancer is operable to access the inbound connection database in order to see if there is an open connection associated with the additional packet, and wherein if there is not an open connection for the additional packet then a new entry in the inbound connection database is not made.

8. A method for enlisting one or more end users in a network environment in which loadbalancing occurs, comprising: enlisting one or more end users in a billing plan associated with network communications; generating a bill associated with one or more of the end users, the bill being based on the billing plan; and facilitating network communications for one or more of the end users in response to the end users being enlisted in the billing plan, whereby the network communications includes a protocol that comprises: receiving a packet at an outbound firewall load balancer; determining whether the packet is associated with an open connection such that resources are being consumed as reflected by an entry in an outbound connection database, wherein if the entry is not present in the outbound connection database then a new entry is not recorded for the outbound firewall load balancer; and forwarding the packet to a selected one of a plurality of firewalls coupled to the outbound firewall load balancer in the case where the entry is present in the outbound connection database, wherein the packet may be received by the selected firewall and then communicated to an inbound firewall load balancer, wherein the inbound firewall load balancer is operable to generate a new entry for the packet once it has received it from the selected firewall, the new entry being provided in an inbound connection database such that resources for the inbound firewall load balancer are then being consumed for an open flow associated with the packet.

9. The method of claim 8 , wherein the selected firewall is operable to determine if the packet is associated with malicious traffic and to discard the packet such that it is not communicated to the inbound firewall load balancer in a case where the packet is associated with malicious traffic.

10. The method of claim 8 , wherein the outbound firewall load balancer is coupled to one or more servers that are operable to deliver content to the outbound firewall load balancer.

11. The method of claim 8 , wherein the inbound firewall load balancer is operable to deliver the packet to a computer that is operable to respond to the packet and that is associated with the open connection.

12. The method of claim 8 , wherein if the packet is not associated with an open connection, the outbound firewall load balancer is operable to select one of the firewalls to direct the packet to based on a hash algorithm.

13. The method of claim 8 , wherein the inbound firewall load balancer is operable to receive an additional packet from one or more computers that are coupled to the inbound firewall load balancer, the inbound firewall load balancer being coupled to an inbound connection database.

14. The method of claim 13 , wherein the inbound firewall load balancer is operable to access the inbound connection database in order to see if there is an open connection associated with the additional packet, and wherein if there is not an open connection for the additional packet then a new entry in the inbound connection database is not made.

15. A computer readable medium storing software comprising computer code that is executed by a processor in order to: receive a packet at an outbound firewall load balancer; determine whether the packet is associated with an open connection such that resources are being consumed as reflected by an entry in an outbound connection database, wherein if the entry is not present in the outbound connection database then a new entry is not recorded for the outbound firewall load balancer; and forward the packet to a selected one of a plurality of firewalls coupled to the outbound firewall load balancer in the case where the entry is present in the outbound connection database, wherein the packet may be received by the selected firewall and then communicated to an inbound firewall load balancer, wherein the inbound firewall load balancer is operable to generate a new entry for the packet once it has received it from the selected firewall, the new entry being provided in an inbound connection database such that resources for the inbound firewall load balancer are then being consumed for an open flow associated with the packet.

16. The medium of claim 15 , wherein the code operates to determine if the packet is associated with malicious traffic and to discard the packet such that it is not communicated to the inbound firewall load balancer in a case where the packet is associated with malicious traffic.

17. The medium of claim 15 , wherein the outbound firewall load balancer is coupled to one or more servers that operate to deliver content to the outbound firewall load balancer.

18. The medium of claim 15 , wherein the code operates to deliver the packet to a computer that operates to respond to the packet and that is associated with the open connection.

19. The medium of claim 15 , wherein if the packet is not associated with an open connection, the code operates to select one of the firewalls to direct the packet to based on a hash algorithm.

20. The medium of claim 15 , wherein the code operates to receive an additional packet from one or more computers that are coupled to the inbound firewall load balancer, the inbound firewall load balancer being coupled to an inbound connection database.

21. The medium of claim 20 , wherein the code operates to access the inbound connection database in order to see if there is an open connection associated with the additional packet, and wherein if there is not an open connection for the additional packet then a new entry in the inbound connection database is not made.